Cyber Attacks Pose Serious Reputation Risk for Firms of All Sizes
Reputation is everything.
That’s why analytics and insights firm Aon’s latest Global Risk Management Survey identified reputational risk as the No. 1 category of risk facing organizations around the globe.
Investopedia defines reputational risk as “a threat or danger to the good name or standing of a business or entity.”
The definition lists three ways reputational risk can occur:
- Directly, resulting from the company itself
- Indirectly, resulting from an employee/employees
- Tangentially, resulting from other parties, such as partners or suppliers
Cybersecurity-related incidents, whether direct, indirect or tangential, are affecting organizations’ reputations, and recent headlines prove it.
Take, for example, the 2019 Capital One data breach, in which the data of more than 100 million customers was compromised.
Forbes predicted that customer confidence in Capital One would decrease as a result of the incident; that could, in turn, decrease revenues in the near term. This, coupled with the estimated recovery costs of $150 million, is a double blow to the bank’s reputation.
In fact, a Ponemon Institute study found that 54 percent of companies believe it can take from 10 months to more than two years to restore a company’s reputation following a breach of customer data. Leaders at many organizations recognize this and are taking notice of the impact a cyber incident can have on their firm’s bottom line and overall reputation.
A recent survey from Deloitte found CEOs and board members consider cyber incidents to be a top threat to their organizations, yet many are still not willing to invest in reputational risk programs—representing a disconnect in their strategic approach that can be detrimental to their organizations’ long-term viability.
According to IBM Security Intelligence, the global average cost of a data breach in 2019 was $3.92 million, enough to put small companies out of business.
How can firms protect their reputations from cybersecurity-related incidents? TalaTek believes every organization, regardless of size, should consider the following:
- Remember that security impacts reputation.
- Have a solid risk-management plan in place.
- Reference best practices, such as those in NIST’s Cybersecurity Framework.
- Emphasize incident prevention and incident response in your risk-management plan.
- Require ongoing employee training on cybersecurity.
- Create a culture of security within the workplace.